Unstable service

mundialeditora · January 22, 2019, 3:07pm

Hello! I have to disable the site today because it is totally unstable access to it.

I had to put an hour on a certificate on my server to keep the site without the DNS / SSL services from you.

What is happening?
Currently it’s inactive

The site is the bookplay.com.br

Thank you

Withheld · January 22, 2019, 3:35pm

Both aron.ns.Cloudflare.com and dale.ns.Cloudflare.com have fully propagated. When I go to https://bookplay.com.br it shows the Lets’s Encrypt certificate. Did you install the Cloudflare certificate on your server as well?

mundialeditora · January 22, 2019, 3:41pm

It’s showing from LetsEncrypt because I’m with the site Paused on CDN.
I have not installed the Cloudflare Certificate, I am using “SSL FULL”.

I had to install LetsEncrypt now to keep the site online

Withheld · January 22, 2019, 4:12pm

For full you origin server needs to have a certificate (even self-signed), Full (strict) requires a signed certificate and Flexible (not recommended) is the only one not requiring you to install. If you’re using cPanel and want to use Full strict, go to SSL/TLS > Install and Manage SSL for your site (HTTPS) > select your domain > and install Certificate: (CRT), Private Key (KEY) and Certificate Authority Bundle: (CABUNDLE)

https://support.cloudflare.com/hc/en-us/articles/218689638-What-are-the-root-certificate-authorities-CAs-used-with-Cloudflare-Origin-CA-

mundialeditora · January 22, 2019, 4:14pm

I have a certificate self-signed.

Full SSL: Your origin supports HTTPS, but the certificate installed does not match your domain or is self-signed. Cloudflare will connect to your origin over HTTPS, but will not validate the certificate.

But it’s not the point.

Always worked normally, today that is giving problem of slowness.
I just re-enabled the Site, it is unstable.

Withheld · January 22, 2019, 4:48pm

My apologies, from the original post I wasn’t sure if you had already it running or not.
The issue with the previous self-signed certificate is hard to diagnose at this point why it was no longer valid. Perhaps it could have expired or needed to be reset for whatever reason,
Moving forward, unless you have a specific requirement for self-signed certificates, it would be advantages to move up to Full (strict) with a certificate signed by a CA.

mundialeditora · January 22, 2019, 5:04pm

Yea, we are thinking of modifying the SSL from the server to the one signed by the CA.

But it should not influence performance

Thank you

Withheld · January 22, 2019, 5:57pm

Without being able to diagnose the previous certificate issues directly, we can only guess. Maybe 404’s maybe something else. It might help to check your origins logs as they’ll provide more details.

system · February 21, 2019, 3:07pm

This topic was automatically closed after 30 days. New replies are no longer allowed.